Sanitize your data?  I don't know if I completely understand WHERE in
your code the error occurred (cfquery or form field etc).

For every parameter to a SQL statement, make sure it is passed
through the CFQueryParam tag.
For every user-controlled piece of data being displayed in HTML, make
sure it is passed through the HTMLEditFormat function.
For every user-controlled piece of data being used in JavaScript, make
sure it is passed through the JSStringFormat function.

~Brad

-------- Original Message --------
Subject: Coldfusion Encrypt and Insert quotation mark issue
From: Joel Black <[email protected]>
Date: Thu, October 15, 2009 2:54 pm
To: cf-talk <[email protected]>


I am using the encrypt function to encrypt passwords going into and out
of my database. I ran into an issue on a password where one of the
characters was encrypted to a ", which messed up my insert.

"#encrypt(form.password,00000)#"

ended up as 

"19$h#1".y "

The extra " ended my string too early, which threw an error. Any ide
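
The three rules from the reply, applied to the insert described in the original message. This is an added example, not code from either poster; the `users` table, its columns, the `myDSN` datasource, the form field defaults and `application.encKey` are assumptions.

```cfm
<!--- Constructed sample input so the page can be requested directly. --->
<cfparam name="form.username" default="o'brien">
<cfparam name="form.password" default="correct horse">

<!--- Before (kept as a comment): the ciphertext is pasted into the SQL text,
      so a quotation mark in the encrypt() output closes the string literal
      early and the statement fails.

      INSERT INTO users (username, password)
      VALUES ("#form.username#", "#encrypt(form.password, application.encKey)#")
--->

<!--- After: every value is bound with cfqueryparam. The database receives it
      as data, so quotation marks in the ciphertext or in user input never
      become part of the SQL text. --->
<cfquery name="qInsertUser" datasource="myDSN">
    INSERT INTO users (username, password)
    VALUES (
        <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#encrypt(form.password, application.encKey)#"
                      cfsqltype="cf_sql_varchar">
    )
</cfquery>

<cfoutput>
    <!--- HTML context: HTMLEditFormat turns <, >, & and " into entities. --->
    <p>Account created for #HTMLEditFormat(form.username)#</p>

    <!--- JavaScript string context: JSStringFormat escapes quotation marks
          and newlines so the value stays inside the string literal. --->
    <script>
        var createdUser = "#JSStringFormat(form.username)#";
    </script>
</cfoutput>
```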


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327261